Insiders are people working inside the secure perimeter as users, developers or other trusted personnel. The big difference from regular cyber-attacks is that the insider is often on a trusted network or has physical access to the device or system. The attack surface for insiders is larger than for outsiders. According to the SEI, 21% of electronic crime was perpetrated by insiders and 43% of respondents to their survey had experienced at least one insider attack.

Insider attacks might be due to unintentional mistakes or intentional malice by disgruntled employees. Attacks can be perpetrated when a product is in the field, by intentional misuse or via pre-programmed vulnerabilities. Attacks programmed into the product ahead of time are the focus of this post; in the same SEI survey, 37% of insider attacks were caused by “virus, worms or other malicious code.”

Prevent Cybercrime and Insider Attacks in Your Company with Static Analysis

In this report:

The security threat posed by insiders is often underestimated. According to an IBM study, 32% of attackers are insiders and 24% are “inadvertent actors” (e.g., people making mistakes that lead to a system breach or incorrect behavior). One such class of insider attack is malicious code added during development that allows for future exploitation. Advanced static analysis tools can detect such code in source and binary form before it is shipped to customers. In addition to existing detection for security vulnerabilities, this paper also talks about specific security vulnerability checks to detect certain insider attacks.

About GrammaTech

At GrammaTech, we help our customers, partners, and government research sponsors solve the most challenging software issues of today and tomorrow, safeguarding embedded mission-critical devices from failure and cyber attack. With our security-first software design philosophy, you can rely on GrammaTech to help you design, develop, and deploy trusted software applications -- minimizing corporate risks and maximizing your competitive position.